CRITICAL 9.8

PYSEC-2026-539

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker

Details

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.

Affected packages

PyPI / sglang
Introduced in: 0
Fixed in: 0.5.10
Fix: pip install --upgrade 'sglang>=0.5.10'
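
A way to check an environment against the affected range above, as an added example that is not part of the advisory or of SGLang. The function names and the sample requirements text are constructed for illustration, and only exact `==` pins are examined.

```python
import re
from importlib import metadata

PACKAGE = "sglang"
FIXED = (0, 5, 10)  # "Fixed in: 0.5.10" from the advisory
_VERSION = re.compile(r"^v?(\d+(?:\.\d+)*)(.*)$")
_PRE = re.compile(r"^[._-]?(a|b|c|rc|alpha|beta|pre|preview|dev)", re.I)
_PIN = re.compile(r"^\s*sglang(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)", re.I)

def is_affected(version: str) -> bool:
    """True if `version` is older than the fixed release.
    Pre-release and dev builds of the fixed release count as affected;
    unparseable versions are reported as affected so they get reviewed."""
    m = _VERSION.match(version.strip())
    if not m:
        return True
    release = tuple(int(p) for p in m.group(1).split("."))
    width = max(len(release), len(FIXED))
    release += (0,) * (width - len(release))
    fixed = FIXED + (0,) * (width - len(FIXED))
    if release != fixed:
        return release < fixed
    return bool(_PRE.match(m.group(2)))  # e.g. 0.5.10rc1 precedes 0.5.10

def affected_pins(requirements_text: str) -> list:
    """Return (line_number, version) for each affected exact sglang pin."""
    hits = []
    for n, line in enumerate(requirements_text.splitlines(), 1):
        m = _PIN.match(line)
        if m and is_affected(m.group(1)):
            hits.append((n, m.group(1)))
    return hits

def installed_affected():
    """None if sglang is not installed, else (version, is_affected)."""
    try:
        v = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return None
    return v, is_affected(v)

# Constructed sample requirements file, not taken from any real project.
SAMPLE = """\
torch==2.5.1
sglang[all]==0.5.9.post1
sglang==0.5.10
"""
if __name__ == "__main__":
    print("installed:", installed_affected())
    print("affected pins in sample:", affected_pins(SAMPLE))
```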
